There's also a 'default-ssl' site/file which is disabled, so not sure if I should be doing something with that. I've tried enabling it and making changes, but mostly I run into a 'default duplicate' error.

So, based on the above setup, I just need to block access to [https]://123.55.44.123. Thanks in advance.

I do always run 'service apache2 reload' after making changes, just in case anyone is wondering.

2 Answers
2

Since the domain requested is in the HTTP headers (and thus still encrypted when Apache has to decide which vhost config to use), Apache uses the IP and port to choose which SSL vhost config to use, not the domain name.

Edit:

I should have mentioned SNI and a couple of other factors in my answer. SNI is an addition to TLS that allows servers to use multiple named virtual host configs on one IP/port combination. But since you only have one *:443 VirtualHost configuration block, Apache will always choose it.

What you want to do is possible, and the easiest way would be to activate default-ssl as a catchall for requests not targeted at a specific domain. I'm not quite sure what you mean by a 'default duplicate' error when activating default-ssl; the full error message might be more helpful. I could suggest naming the symlink 000-default-ssl so that any options you have in it are set first.

Thanks a lot, I've asked many people this question and nobody seemed to know the answer. Does this mean there's no way to block access to the server using the IP address (for SSL)? Is there any way to do that?
– user2143356 Oct 16 '13 at 23:33

I added some more detail to my answer, possibly 'default-ssl' is still missing some configuration/settings.
– RSchulze Oct 17 '13 at 0:03
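
The catch-all arrangement suggested in the answer above, written out as an added example (not configuration posted by either answerer). It assumes Apache 2.4 syntax on a Debian/Ubuntu layout; `example.com`, `catchall.invalid` and the site's certificate and document paths are placeholders.

```apache
# sites-enabled/000-default-ssl
# Loaded first (files are read in name order), so this is the default vhost
# for *:443. Any request whose SNI/Host matches no ServerName or ServerAlias
# in a later vhost lands here, including https://<server-ip>/.
<VirtualHost *:443>
    ServerName catchall.invalid
    SSLEngine on
    # A certificate is still needed to complete the TLS handshake. The
    # distribution's self-signed "snakeoil" pair is enough for a vhost
    # whose only job is to refuse requests.
    SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# sites-enabled/example.com-ssl
# The real site, selected by name via SNI and the Host header.
<VirtualHost *:443>
    ServerName example.com
    ServerAlias www.example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/example.com.pem
    SSLCertificateKeyFile /etc/ssl/private/example.com.key
    DocumentRoot /var/www/example.com
</VirtualHost>
```

On Apache 2.2, replace `Require all denied` with `Order deny,allow` and `Deny from all`, and declare `NameVirtualHost *:443` so that both blocks are treated as name-based. Clients that reach the catch-all by IP see a certificate warning first and then a 403, and clients that do not send SNI also land there.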

I believe that because of the way SSL works (IP address-dependent), you won't be able to block requests at the Apache level. If you're working with PHP or such, you could have an include file that checks the $_SERVER['HTTP_HOST'] and dies if it's your IP address.